
SANS ISC: Tool Tip: vFeed SANS ISC InfoSec Forums

Tool Tip: vFeed

I have had a number of occasions lately to use or talk about vFeed from Toolswatch.org (@toolwatch). NJ's written a little gem here; a useful Python CLI tool that pulls CVEs and other Mitre datasets.

From the vFeed GitHub repo: "vFeed framework is an open source naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML schema. It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for describing the relationship with other standards and security references."

I was reminded of vFeed when @FruityWifi included a vFeed module in the latest FruityWifi release, a topic for my latest toolsmith column, Inside and Outside the Wire with FruityWifi & WUDS. Using vFeed is really straightforward, particularly now with its handy search feature. Change directories to your installation path, and as long as you have a Python interpreter available, simply type vfeedcli.py and it will dump its usage file as seen in Figure 1.


Figure 1: vFeed usage

You can use the likes of vfeedcli.py search CVE-2014-6271 to look for everyone's current fave, the Shellshock CVE (see also: CVE-2014-7169, the fix for the fix), resulting in Figure 2.


Figure 2: vFeed search

Note that vFeed recommends that I export that CVE for more information. Ok, I will! The result is an XML file that includes every facet of the vulnerability including all the reference URLs, cross references, vulnerable targets (CPE), risk scoring (CVSS), patch management details, attack patterns, assessment data (exploits & vuln scanning), and even Snort & Suricata signature details. I love vFeed so much I even wrote a little R app to parse vFeed XML exports for quick summaries (will be sharing in December as part of a Linux Magazine article, Security Data Analytics & Visualization With R), so stay tuned.

Download and experiment with vFeed at your earliest convenience. So simple, so useful, just a cool little app. Remember to run vfeedcli.py update as you begin each session to ensure you have the latest dataset. Cheers and enjoy!

Russ McRee

ISC Handler
Nov 5th 2014
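
As an added illustration (not code from the post, from vFeed, or the R app mentioned above), here is one way to get a quick summary of an exported CVE XML file in Python without depending on the exact schema. The element names in the sample are constructed placeholders, not the real vFeed schema; the function only assumes that one element carries the CVE identifier in an id attribute and that its children are the per-topic sections.

```python
import xml.etree.ElementTree as ET

# Constructed sample input. Element and attribute names are hypothetical,
# chosen only to mirror the facets listed in the post.
SAMPLE_EXPORT = b"""<?xml version="1.0"?>
<vFeed>
  <entry id="CVE-2014-6271">
    <references>
      <ref url="https://example.org/advisory-1"/>
      <ref url="https://example.org/advisory-2"/>
    </references>
    <vulnerableTargets>
      <cpe id="cpe:/a:gnu:bash:4.3"/>
    </vulnerableTargets>
    <riskScoring>
      <cvss base="10.0"/>
    </riskScoring>
  </entry>
</vFeed>"""


def summarize_export(xml_bytes):
    """Summarise one export: CVE id, entries per section, referenced URLs."""
    # The data comes from a downloaded third-party dataset, so refuse DTD and
    # entity declarations up front instead of letting the parser expand them.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in an export")
    root = ET.fromstring(xml_bytes)
    # Assumption: the first element whose id attribute starts with "CVE-"
    # is the entry being described.
    entry = next((el for el in root.iter()
                  if el.get("id", "").startswith("CVE-")), None)
    if entry is None:
        raise ValueError("no element with a CVE id found")
    # Each direct child is treated as a section; count what it contains.
    sections = {section.tag: len(section) for section in entry}
    # Collect every attribute value or text node that looks like a URL.
    candidates = set()
    for el in entry.iter():
        candidates.update(el.attrib.values())
        candidates.add((el.text or "").strip())
    urls = sorted(v for v in candidates
                  if v.startswith(("http://", "https://")))
    return {"cve": entry.get("id"), "sections": sections, "urls": urls}


if __name__ == "__main__":
    print(summarize_export(SAMPLE_EXPORT))
```
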
vFeed is a great concept and I love the tool, though I wish the author published how the vFeed.db itself is constructed, or the scripts used to generate that content.
Right now the framework is open source, but vFeed.db needs to be regularly downloaded from the toolswatch website, which makes it unreliable when searching for vulnerabilities publicised in the last few days.
Anonymous
